build(deps-dev): bump bandit from 1.7.0 to 1.7.1 (#1793)

* build(deps-dev): bump bandit from 1.7.0 to 1.7.1 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.0 to 1.7.1. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.7.0...1.7.1) --- updated-dependencies: - dependency-name: bandit dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * *: fix bandit false positives Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-15 09:16:16 +01:00 · 2021-11-15 09:16:16 +01:00 · f7044e41c6
parent fa59fec17a
commit f7044e41c6
4 changed files with 12 additions and 12 deletions
--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -318,7 +318,7 @@
                "sha256:a0713dc7a1de3f06bc0df5a9567ad19ead2d3d5689b434768a6145bff77c0667",
                "sha256:f184f0d851d96b6d29297354ed981b7dd71df7ff500d82fa6d11f0856bee8035"
            ],
-            "markers": "python_full_version >= '3.6.2' and python_full_version < '4.0.0'",
+            "markers": "python_version < '4' and python_full_version >= '3.6.2'",
            "version": "==0.3.0"
        },
        "click-plugins": {
@ -1702,11 +1702,11 @@
        },
        "bandit": {
            "hashes": [
-                "sha256:216be4d044209fa06cf2a3e51b319769a51be8318140659719aa7a115c35ed07",
+                "sha256:a81b00b5436e6880fa8ad6799bc830e02032047713cbb143a12939ac67eb756c",
-                "sha256:8a4c7415254d75df8ff3c3b15cfe9042ecee628a1e40b44c15a98890fbfc2608"
+                "sha256:f5acd838e59c038a159b5c621cf0f8270b279e884eadd7b782d7491c02add0d4"
            ],
            "index": "pypi",
-            "version": "==1.7.0"
+            "version": "==1.7.1"
        },
        "black": {
            "hashes": [
@ -1934,7 +1934,7 @@
                "sha256:6f62d78e2f89b4500b080fe3a81690850cd254227f27f75c3a0c491a1f351ba7",
                "sha256:e8443a5e7a020e9d7f97f1d7d9cd17c88bcb3bc7e218bf9cf5095fe550be2951"
            ],
-            "markers": "python_version < '4' and python_full_version >= '3.6.1'",
+            "markers": "python_version < '4.0' and python_full_version >= '3.6.1'",
            "version": "==5.10.1"
        },
        "lazy-object-proxy": {
--- a/authentik/policies/hibp/tests.py
+++ b/authentik/policies/hibp/tests.py
@ -26,7 +26,7 @@ class TestHIBPPolicy(TestCase):
            name="test_false",
        )
        request = PolicyRequest(get_anonymous_user())
-        request.context["password"] = "password"
+        request.context["password"] = "password"  # nosec
        result: PolicyResult = policy.passes(request)
        self.assertFalse(result.passing)
        self.assertTrue(result.messages[0].startswith("Password exists on "))
--- a/authentik/policies/password/tests/test_policy.py
+++ b/authentik/policies/password/tests/test_policy.py
@ -30,7 +30,7 @@ class TestPasswordPolicy(TestCase):
    def test_failed_length(self):
        """Password too short"""
        request = PolicyRequest(get_anonymous_user())
-        request.context["password"] = "test"
+        request.context["password"] = "test"  # nosec
        result: PolicyResult = self.policy.passes(request)
        self.assertFalse(result.passing)
        self.assertEqual(result.messages, ("test message",))
@ -38,7 +38,7 @@ class TestPasswordPolicy(TestCase):
    def test_failed_lowercase(self):
        """not enough lowercase"""
        request = PolicyRequest(get_anonymous_user())
-        request.context["password"] = "TTTTTTTTTTTTTTTTTTTTTTTe"
+        request.context["password"] = "TTTTTTTTTTTTTTTTTTTTTTTe"  # nosec
        result: PolicyResult = self.policy.passes(request)
        self.assertFalse(result.passing)
        self.assertEqual(result.messages, ("test message",))
@ -46,7 +46,7 @@ class TestPasswordPolicy(TestCase):
    def test_failed_uppercase(self):
        """not enough uppercase"""
        request = PolicyRequest(get_anonymous_user())
-        request.context["password"] = "tttttttttttttttttttttttE"
+        request.context["password"] = "tttttttttttttttttttttttE"  # nosec
        result: PolicyResult = self.policy.passes(request)
        self.assertFalse(result.passing)
        self.assertEqual(result.messages, ("test message",))
@ -54,7 +54,7 @@ class TestPasswordPolicy(TestCase):
    def test_failed_symbols(self):
        """not enough uppercase"""
        request = PolicyRequest(get_anonymous_user())
-        request.context["password"] = "TETETETETETETETETETETETETe!!!"
+        request.context["password"] = "TETETETETETETETETETETETETe!!!"  # nosec
        result: PolicyResult = self.policy.passes(request)
        self.assertFalse(result.passing)
        self.assertEqual(result.messages, ("test message",))
@ -62,7 +62,7 @@ class TestPasswordPolicy(TestCase):
    def test_true(self):
        """Positive password case"""
        request = PolicyRequest(get_anonymous_user())
-        request.context["password"] = generate_key() + "ee!!!"
+        request.context["password"] = generate_key() + "ee!!!"  # nosec
        result: PolicyResult = self.policy.passes(request)
        self.assertTrue(result.passing)
        self.assertEqual(result.messages, tuple())
--- a/authentik/providers/oauth2/views/authorize.py
+++ b/authentik/providers/oauth2/views/authorize.py
@ -369,7 +369,7 @@ class OAuthFulfillmentStage(StageView):
        if self.params.grant_type == GrantTypes.HYBRID:
            query_fragment["code"] = code.code
-        query_fragment["token_type"] = "bearer"
+        query_fragment["token_type"] = "bearer"  # nosec
        query_fragment["expires_in"] = int(
            timedelta_from_string(self.provider.access_code_validity).total_seconds()
        )